Introduction
So, to pass credentials to the target machine, you need to do a few things.
How to configure DSC to encrypt credentials
In a nutshell, you deploy a certificate to the target machine, and the management machine then encrypts the credentials using the public key of the target machine's certificate. More detailed steps below:
- Connect to each target computer
- Generate a self-signed certificate
- Copy the public key to the management computer
- Configure the Local Configuration Manager with the correct certificate thumbprint for that machine
- Create the Configuration Data hashtable for use by other configurations
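The five steps above, carried out by hand for a single node, as an added example (this is not the author's Set-DscLCMCertificate function). It assumes WinRM access to the node and PowerShell v5 on both ends; the folder `C:\DscCerts`, the file name `DscPublicKey.cer` and the configuration name `LcmCertificate` are placeholders chosen for illustration.

```powershell
# Added example: manual version of the five steps for one node.
$Node    = 'litex01'                 # target computer name used on this page
$CertDir = 'C:\DscCerts'             # assumed folder on the management machine
$CerPath = Join-Path $CertDir "$Node.cer"
New-Item -Path $CertDir -ItemType Directory -Force | Out-Null

# Steps 1-2: connect to the target and create a document-encryption certificate there.
# The private key stays in the target's machine store; only public data comes back.
$Session = New-PSSession -ComputerName $Node
$Remote = Invoke-Command -Session $Session -ScriptBlock {
    $cert = New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp `
        -DnsName $env:COMPUTERNAME -HashAlgorithm SHA256 `
        -CertStoreLocation 'Cert:\LocalMachine\My'
    $path = Join-Path $env:TEMP 'DscPublicKey.cer'
    Export-Certificate -Cert $cert -FilePath $path -Force | Out-Null
    [pscustomobject]@{ Thumbprint = $cert.Thumbprint; Path = $path }
}

# Step 3: copy only the public key (.cer) to the management computer.
Copy-Item -FromSession $Session -Path $Remote.Path -Destination $CerPath -Force
Remove-PSSession $Session

# Sanity check: the file received must match the thumbprint the node reported.
$Received = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
if ($Received.Thumbprint -ne $Remote.Thumbprint) { throw "Thumbprint mismatch for $Node" }

# Step 4: tell the node's LCM which certificate decrypts credentials in the MOF.
[DSCLocalConfigurationManager()]
configuration LcmCertificate {
    param([string]$ComputerName, [string]$CertificateId)
    Node $ComputerName {
        Settings { CertificateID = $CertificateId }
    }
}
LcmCertificate -ComputerName $Node -CertificateId $Remote.Thumbprint -OutputPath "$CertDir\Lcm" | Out-Null
Set-DscLocalConfigurationManager -Path "$CertDir\Lcm" -ComputerName $Node -Verbose

# Step 5: configuration data that other configurations use to encrypt for this node.
$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName        = $Node
            CertificateFile = $CerPath            # public key used at MOF compile time
            Thumbprint      = $Remote.Thumbprint  # matches the LCM's CertificateID
        }
    )
}
```

`Get-DscLocalConfigurationManager -CimSession litex01` should then report the same value in `CertificateID` as the `Thumbprint` entry in `$ConfigurationData`.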
Script to configure DSC credential encryption
If you know me, I can never really do the same thing twice and if it can be automated then it will be automated. So, this script does all the work for you – just run it from your management machine and point it at your target machine. Just note that it only works with Server 2016 or PowerShell v5.
How to run the script? First, copy and paste the above function into a PowerShell window, then run this to save the configuration data into $ConfigurationData:
$ConfigurationData = Set-DscLCMCertificate -ComputerName litex01 -Verbose
We can now confirm that the configuration data is correct:
$ConfigurationData
$ConfigurationData.AllNodes
Test out DSC credentials
To do this, we’ll save credentials into $Credential then create a configuration that requires credentials and test it out with our configuration data.
We can then check that our text file has been copied over:
Get-Item '\\litex01\c$\temp\testfile1.txt'
All done! Happy configuration management! You can see the full code at https://github.com/markgossa/Set-DscLCMCertificate